Re: Database connections aren't being released...
Richard Road Runner wrote: I am not sure that this is a Tomcat issue, but we are not sure what exactly is causing our problem. We are running Tomcat 5.0.27. We are using the most recent jconn2.jar driver to connect to a Sybase SQL Anywhere Studio 7 database via JDBC. Over a period of time, the number of connections to the database continues to increase far beyond the possible number of users. The only way to close the connections is to restart the database server. Again, we are not sure if we should be looking at Tomcat, the JDBC driver, or Sybase to solve this problem. Your web app is not properly closing connections (resources, in general). Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache Tomcat Virtual Host question
Aria Bamdad wrote: Hi, I asked this question yesterday and got no hints from anyone. Since then, I have been able to accomplish what I want using multiple instances of Tomcat. However, I would much rather use one instance and serve requests on different Apache port. Does anyone have ANY comments regarding my issue? Well, having different presentations by using different port numbers is not a common practice these days, since Apache has Name-based VHosts. Similarely, Tomcat supports Name-based VHosts only (unless I am greatly mistaken). So, it would appear that your solution is the only applicable one. The best choice is, of course, to go for name based VHosts, since it integrates very well and makes your URLs look nice. BTW, 443 is HTTPS port, which is different story. So, save yourself a lot of trouble and go for unified VHosts. One observation, though - with multiple instances of TC you have greater robustness. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache and IIS
[EMAIL PROTECTED] wrote: I want Apache to server .asp files, if possible rather than having IIS server to serve .asp files. Look for mod_asp, there are actually several implementations, ChillySoft was one of them, if memory serves. I think they are all based on mod_perl, so have that functioning, first. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Generic Types support in Tomcat?
Seak, Teng-Fong wrote: Nikola Milutinovic wrote: Tomcat 5 supports all the features of the underlying JVM, the problem is in the JSPs. They are compiled by Jasper + Eclipse compiler module, which, in version 5.5.9, has no support for Java5. Later versions of Tomcat have a newer version of Eclipse Compiler and it works. Also, you can plugin manually a newer version of Eclipse compiler, try to search the mailing list for posts on how to do it (simple, if I remember correctly). I would just forget about it. Nowadays, a simple search would give hundreds, if not thousands or millions, results. The problem is I don't know what keyword(s) to use. Last time I spent quite a lot of time (at least half an hour) to find out that Tomcat (well, JSP) couldn't support Java5. Well, just to clarify, JSPs *can* run Java5 idioms - if you provide Tomcat with a JSP/Java compiler that will undestand them. Servlets are compiled by you and will have no problems running on the desired JVM. OTOH, having Java code in JSPs is evil and should be moved to Servlets or Struts Actions or whatever is the equivalent in Java ServerFaces. JSP are for displaying only. Having said that, I must contradict myself here. I have found that sometimes having a bit of Java code in JSP can clarify things, but it can also bring in a nightmare, especially with JSF. Keep Java code in JSPs to the minimum and if you have to use it, use it for presentation logic only. Business logic should be elsewhere. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Generic Types support in Tomcat?
Christoph Kutzinski wrote: To be honest, I never tried it with 5.5.9 I just concluded it from the release notes and other posts on this mailing list. AFAIK, tomcat uses the Eclipse JDT compiler by default to compile JSPs. Maybe you have configured tomcat to use Suns javac? That is one way of doing, the other is to download latest Eclipse JDT compiler and configure TC to use it. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: (WAS) Generic Types support in Tomcat?
Santosh Asbe wrote: Hi all, Hi. First of all, it is very advisable to use a separate thread when opening a new topic. I am not reprimanding you, I'm merely advising. I do not consider it rude to jump into someone elses thread of discussion - I do not consider this thread mine, in the first place. The problem is, this thread has been going on for some time and most people are not going to bother reading it at all, so you will loose valuable audience. A] I am using tomcat 4.1.30 ( 32 bit) with Apache 2.0.46 ( this is standard apache which comes with RHEL 3.0). I am currently using RHEL 32 bit without RAID confiuration. There is no 32-bit version of TC, it is Java application. JVM, of course, is and should be 32/64-bit. Now i am planning to move to 64 bit RHEL 3.0 with RAID configuration but he the new Apache of RHEL 3.0 and same tomcat 4.1.30 ( 32 bit). I am facing a problem with mod_jk. I feel it is 32 bit complied mod_jk. It most likely is. Can anyone help me with the solution Unless you can locate a 64-bit version of mod_jk, try compiling your own version. You'll need apache-devel-* RPM for that. Some might say that even 32-bit version of mod_jk will work, but I would fly away from it - mod_jk is a sensitive pieve of software, connecting (multithreaded) Apache with multithreaded TC and the version should be as close to the target platform, as possible. B] Also my tomcat goes into hang state . So i have set an parameter LD_ASSUME_KERNEL=2.4.21. That is my Linux kernel version. Is this ok. where do i set this parameter. i have set it in the catalina.sh. The location is OK, but you should not use it on the new kernel. Is it 2.6.x? Older releases of 2.6 branch had a problem with JVM and you had to set that parameter. New releases should be bug free. C] Sometime when the tomcat is started it spwans more than one processes. And then during shudown it creates problems. Also sometimes the list of open files goes beyond 1024. that is he ulimit. due to which he tomcat doesnot respond. Linux kernel 2.4 emulates threads through lightweight processes/tasks. There is nothing fundamentally wrong about it (perhaps internal resource ecconomics are misused), AFAIK, but the ps output is going to confuse you, showing each thread as a separate process. Nothing problematic about it. The number of 1024 processes/threads is alarming, however. TC will normally wpawn idle worker threads to prepare for future requests, but the parameter is usually less than 100. I'd say your application is launching threads for some reason. Either that or there is a serious bug in your system. D] I am currently using 4.1.30 version of tomcat. Are there any fixes or upgrades for this tomcat. Can you inform me the link for the same. 4.1.30 is the last normal RPM, I know of. There are newer versions, check out www.JPackage.org. Word of caution, prepare for RPM dependancy nightmare, unless you're using some RPM management tool. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Generic Types support in Tomcat?
Seak, Teng-Fong wrote: When I first saw the announcement that Tomcat 5.5 needs Java5 to run, I thought it would supports Java5 features. But it turns out that it needs Java5 but not supports Java5. Quite disappointed. Anyway, I have to go on with my webapp, so much for it. Tomcat 5 supports all the features of the underlying JVM, the problem is in the JSPs. They are compiled by Jasper + Eclipse compiler module, which, in version 5.5.9, has no support for Java5. Later versions of Tomcat have a newer version of Eclipse Compiler and it works. Also, you can plugin manually a newer version of Eclipse compiler, try to search the mailing list for posts on how to do it (simple, if I remember correctly). Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP on RHEL4 with Apache httpd RPM?
Peter Flynn wrote: I need to add JSP ability to a RHEL4 server running the current Apache httpd from the Red Hat RPM. Apparently the httpd RPM available from Red Hat doesn't have the hooks needed to allow JSP files to be passed to Tomcat (or if it does, I can't find them). Has anyone managed to serve JSP with Tomcat on a RHEL4 machine running their stock httpd? I'd rather not have to resort to building Apache httpd from scratch, as that would mean also moving away from RPMs for MySQL and PHP, in order to maintain synchronisation between them. You're looking for mod_jk RPM or mod_jk2 (which has been dropped from development). If you see mod_webapp RPM, run for your life. As a workaround, you should be able to use mod_proxy to proxy requests for TC to it. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JNDI DBCP Resources: Pool Leak
Justin Jaynes wrote: Concerning JNDI Database Connection Pooling Sources, I have read that if you fail to explicitely close Result Sets, Statements, or Connections to the DataSource from WITHIN the web application, a connection in the pool will be lost. (I read this at: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/jndi-datasource-examples-howto.html). I understand that you can set an option to reclaim lost connections. That's great. But to avoid this in the first place, I have a question. I have a JSP which sends Statement objects to a Bean (not a bean by exact definition) which accesses the database and returns a ResultSet. The jsp code is like this: % com.x.DatabaseInterface web = new com.x.DatabaseInterface(); % % web.connect(); % % String selectSQL = SELECT * FROM place;; % % ResultSet result = web.selectQuery(selectSQL); % % while ( result.next() ) { % %= result.getString(placename) % % } % % web.disconnect(); % Of course, there are statement objects and resultset objects in the code above. Do I have to explicitely close them IN JSP AND also the ones IN THE BEAN or just the ones in the BEAN? I suppose this is a fundamental principle of Java which I do not fully understand as the objects . Can someone please enlighten me? Well, generally speaking, it is good practice to close/dispose_of a resource near the point where it is created, if it is of a transient nature. In your case, ResultSet, Statement and Connection are of transient nature, since you're not really interested in them, but in the data they give you. The best way of doing it is having a bean that will take DataSource and do it's stuff with it, creating and closing what is neccessary to load itself with data. I used Struts in my previous project and my Struts-Actions were taking DataSource, handing it over to a DAO implementation, which was responsible for DB manipulation. Struts (and JSP) saw nothing of that. In your case, yes, you should close the connection, at least. Actually, you should close RS, St and then Connection, in that particular order. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: configuration files for war deployments
Patrick Lacson wrote: hi All, If I were to deploy my application as a .war file, where do I place the .properties configuration files? I know there's the option of auto-expanding the war file at deployment, but is there a way to keep the war file unexpanded and provide an external .properties file for the web app to read from? Most likely, in the WEB-INF/classes dir, where it can be picked up by the classloader. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ssl/tls - INTEGRAL/CONFIDENTIAL - question
[EMAIL PROTECTED] wrote: Hello, I'm having some trouble configuring secure connections. I have 2 webapps that I deployed myself. One in /dspace and another one in /odin. I have set the transport-guarantuee for both to INTEGRAL. I did this in their own web.xml-files. In both cases I used / as url-pattern. I have set the transport-guarantuee for /manager to CONFIDENTIAL. I have set ciphers to (shortened) NULL_SHA and two others with encryption and authentication. When I browse the /dspace- and /odin-pages I het authentication and encryption, while I only would like to have authentication. Can anyone tell me/help me why I also get encryption in these cases? The answer is simple, with SSL/TLS, there is no other way to guarantee integrity of the transport, other than encrypting it. (All right, maybe there is, but current implementations of HTTPS work this way). As for authentication, it has got nothing to do with either INTEGRAL or CONFIDENTIAL transport. It is a separate thing. Autehntication gives means to establishing the trusted identity of a user (checking if the ID given is authentic). It can be done via several mechanisms, some of which are: - HTTP Basic (user/pass in Base64 encoding) - HTTP Digest (MD5 digest auth) - HTTP SPNEGO (supported by MS IIS and Apache+mod_auth_krb/mod_spnego) - Certificate (if a user has a personal certificate, it can be trusted to have verified ID). Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to set auto-commit to false on a Tomcat Connection-Pool?
Allistair Crossley wrote: I found this on the web for Struts using org.apache.commons.dbcp.BasicDataSource which I believe Tomcat also uses. Therefore perhaps you can try defaultAutoCommit instead. data-source key=homeDS type=org.apache.commons.dbcp.BasicDataSource set-property property=driverClassName value=oracle.jdbc.driver.OracleDriver / set-property property=url value=jdbc:oracle:thin:@localhost:1521:DBLOCAL / set-property property=username value=user / set-property property=password value=pwd / set-property property=maxActive value=10 / set-property property=maxWait value=5000 / set-property property=defaultAutoCommit value=false / set-property property=defaultReadOnly value=false / set-property property=validationQuery value=SELECT SYSDATE FROM DUAL / /data-source All of these are documented on Jakarta Commons-DBCP page. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RAM limity
Paulo Alvim wrote: Hi, I'm using TC559 and JVM 1.5.x with Win2003 / 2GB RAM. I'd like upgrade to 4GB RAM...is there any JVM or Tomcat limit here? I think JVM cannot use more than 1.6 GB of RAM - dunno why. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Connection pool exhausted
Tony Smith wrote: I am runing tomcat 5.0 + postgresql. I set my connection pool in server.xml as: Resource name=jdbc/mysource type=javax.sql.DataSource password= driverClassName=org.postgresql.Driver maxIdle=100 maxWait=5000 validationQuery=select * from test For PostgreSQL (and MySQL, too), this is better done via SELECT version(), just an observation. username= url=jdbc:postgresql://localhost:5432/mydb maxActive=100/ You can add parameters, like removeAbandoned to remove hanging connections. I call it from my servlet as: public Connection getConnection(){ try{ Context initCtx = new InitialContext(); Context envCtx = (Context)initCtx.lookup(java:comp/env); DataSource ds = (DataSource)envCtx.lookup(jdbc/mysource); DatabaseManager.initDataSource(ds); return ds.getConnection(); }catch(Exception e){ e.printStackTrace(); } return null; } I use the connection as: Connection connection = getConnection(); //jdbc //I did not call connection.close(). Should I? YES! The Connection you get from this is a wrapper class, that will actually return the connection to the pool, when you call close() on it. Then, I can run my web app. But not for long. I got the following exception after browse a few pages: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot get a connection, pool exhausted Always close ResultSets, Statements and Connections - in that order. This code will illustrate it for you: PreparedStatement pstat = null; ResultSet rs = null; try { pstat = conn.prepareStatement( SELECT ... ); pstat.setInt( 1, x ); ... rs = pstat.execute(); ... } catch (SQLException ex) { ... } finally { if (rs != null) { try { rs.close(); } catch (SQLException ex1) {} } if (pstat != null) { try { pstat.close(); } catch (SQLException ex1) {} } if (conn != null) { try { conn.close(); catch (SQLException ex1) {} } } Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[Slightly OT] JDK 1.5 + enum + serialization
Hi all. I have a question, which is slightly off topic, but can crop up in TC. SHORT VERSION: can a Java 1.5 enum be serilaized? LONG VERSION --- I have been working on project that uses it's own RPC via java.io.DataInput/DataOutput and I have run into a wall trying to send an enum via comm channel. I always get InstantiationError. When I gave it a thought, it became clear that *that* operation is not possible. Why? Well, enums look like classes, in that they can have methods, constructors and attributes. One major difference, though, is that constructor is NOT public and you cannot instantiate an object of type enum. And, just to be absolutely clear, you shouldn't be able to do that with enums - they are not classes. Enums are like collections of named constants. So, my question is basically, can enum be serialized via Java Serialization? What does it have to do with TC? :-) Well, TC uses serialization for session objects, when it shuts down, right? So, if you have objects that are enums or have enum attributes, what should you do? One solution, and that is the approach we're using, is to have an external representation of your enums, like int or String nad use that for serialization/deserialization. Anyone has a better hint? Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Java HotSpot(TM) Client VM warning: Can't detect initial thread stack location - find_vma failed
Wasik, Paul wrote: Hi all, Can anyone point me in the right direction on what might be causing this error in my catalina.out log file? I'm running Tomcat 5.0.28 on a RedHat EL3.0 server with Sun JDK 1_5_0_03 and am using the jsvc launcher. Aside from this entry in my log file, everything seems to be working fine. This is due to the fact that your system has a rather high security setting. I have the same thing on my Mandrake. Basically, java is unable to read /proc file system and cannot determine some facts about it's own process. This is mostly harmless, since my TC is running with that, no problem. Perhaps it could be worthwhile to investigate and see what permissions tomcat user should have on the system to access /proc FS. It is also a good question whether or not, tomcat user *should* have access to proc fs. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: web.xml breaks EL
Dewitte Rémi wrote: Hi ! I have a simple test jsp : %@ taglib uri=http://java.sun.com/jsp/jstl/core; prefix=c % c:forEach begin=1 end=3 var=ind h${ind} ${ind}aBaa/h${ind} /c:forEach When I delete my web.xml, everything works well but when I reload the context with it, the EL replacement doesn't work. I can't see why. I have a very simple web.xml : ?xml version=1.0 encoding=iso-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.2//EN http://java.sun.com/j2ee/dtds/web-app_2_2.dtd; This is web.xml for a Servlet 2.2 specification and you need 2.4: web-app xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; version=2.4 Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: symmetric crypt algorithm
Carlos Bracho wrote: It's a java question more than a tomcat question Do you know where can I find a symmetric crypt algorithm implementation in java?? like blowfish, idea or des?? take a look at Java's Cryptography packages java.crypto.* Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: iterate on a value
David Rickard wrote: If you don't mind mixing Struts and JSTL, use a c:forEach loop, with the end value being the number of children parameters; At 11:00 AM 6/30/2005, Dewitte Rémi wrote: Hello ! In my form , i ask the number of children. On the next page, i'd like to display as many textboxes as children to get their name. logic:iterate provides iteration on array or collection, how can i iterate on the number of children ? A word of caution on mixing Struts and JSTL - there are situation when it breaks. I've had a webapp, using Struts 1.1 and JSTL 1.0 (Jakarta JSTL) and the application did not want to deploy at all. When removed JSTL, it ran just fine. As for the original question, well, the Action class in between those two requests can build an array for iteration. It is ugly, but it works. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Uploading files to another server
Anna Bikkina wrote: Hi, We have an application which uploads files to a machine where tomcat is running. Now we want to change it to upload files to a central server in the network. We were using multipart request to upload the files till now. How can we upload files to a different server than where the tomcat is running. Any suggestions are appreciated. Can you please point me to some examples. Hi Anna. You didn't say if you wanted to change anything besides the final file location, so I'll assume you don't want to change it. Well, it is just a question of how can your Tomcat server reach that new destination. It would be best if it could be done seamlessly, like through a mounted file system. Again, you didn't provide us with details, which OS is running on both of those machines. Anyway, you can use combinations of NFS mounts and SMB mounts, where servers can run Linux or Windows. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Shell command to stop and start a webapp without using the manager?
[EMAIL PROTECTED] wrote: Hi all, I'd like to know if there's a shell command to stop and start separate web applications. With our configuration, we are unable to use the manager. * We are running Tomcat 5.5 and Apache 2 with the JK Connector (mod_jk) on RedHat Linux. * We have several virtual hosts. When we used 1 service with multiple hosts, we had the problem that our different webapps were sharing the same memory space and they kept stepping on each other. So we split things up. Each host is using a separate service on a different port (see example below). Take a look at Ant Tomcat task. It is used to deploy new webapp from Ant and Ant works from command line. I think this is your best bet. Not to mention that Ant has such a wide variety of other tasks, it is a great boost to your work. You might need to do some other tasks at that time and Ant can help a lot. Of course, if something *is* a job for a shell script, it might be better to do it a s shell script job :-) Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Concurrent login detection - how?
Andre Van Klaveren wrote: I mentioned this issue (killing browser problem) in a previous posting. The only way to prevent this is to invalidate the original session also in the event that a duplicate login was detected. I can see a possible DOS attack problem with this solution though. Maybe you shouldn't invalidate the original session and make the user call helpdesk to invalidate the original session. This would aid in the tracking of this event also. To DoS or not to DoS? I would let the session expire naturally, let the SessionListener cleanup and logout the user and when a duplicate comes in tell them what is the case. If they need access *now*, they can call the help desk. Using IP addresses is usually not a good way to detect duplicate logins. I guess this would work in a controlled environment (intranet) where you can guarantee that the user(s) aren't behind a proxy server. It's definetly not an option for a public site. True. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: email from tomcat
Jef Sullivan wrote: Something that I found concerning this same issue is SendMail. Google for SendMail and you might find what you are looking for. Interesting, but I suspect the original poster would need to sink teeth into JavaMail API, anyway. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Q] when to share jars
Tim Funk wrote: Never. I share jars. I wish I hadn't. When you upgrade JSTL, struts, etc - all get the upgrade for free - but that means ultra stable apps which haven't been touched in years may magically break. You're absolutely right Tim. If it works, don't fix it. And there is nothing worse than fixing (and breaking) something you never intended to touch, in the forst place. JPackage project is a valiant effort, but anyone who has gone through their (or any other) RPM dependency hell knows that stability is hard to achieve and even harder to preserve. You might lean on JPackage, but you'll still be unable to prevent upgrade from breaking stuff. Of course, you can require an exact version of JSTL, Struts,..., but that is just like saying don't touch anything. Since there is nothing in the J2EE contract that would provide some sort of library versioning control, the only thing you can do is package JARs with each web-app. That, unfortunately, bloats the WAR, but there is no other way to ensure stability. [Exception - log4j ... I like have a common/lib log4j] Didn't someone complain on loggers overwriting each other? Of course, it might be a case of misuse. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Paths for JkMount
Greg Scott wrote: -Message d'origine- De : Greg Scott [mailto:[EMAIL PROTECTED] Envoyé : 11 juin 2005 23:41 À : tomcat-user@jakarta.apache.org Cc : [EMAIL PROTECTED]; Joan Kinnischtzke; Michael R Ponicki Objet : Paths for JkMount Hello - I am working on a proof of concept application, porting from tomcat 3.n and Apache 1.3 to Tomcat 5.5.9 and Apache 2.0.52. The problem - every time this app would try to execute a .jsp file, Apache would return an error. After a bunch of troubleshooting in httpd.conf, I found the problem. It was these JkMount directives: JkMount /servlets/* worker1 JkMount /*.jsp worker1 JkMount /*.do worker1 I was assuming these paths were all really relative to my DocumentRoot - but noo! The path evidently needs to be a real, absolute path. These directives work: JkMount /var/www/html/{approot}/servlets/* worker1 JkMount /var/www/html/{approot}/*.jsp worker1 JkMount /var/www/html/{approot}/*.do worker1 (where {approot} is the directory with all the html, jsp, and other files.) And now the app seems to behave properly. But this bothers me - aren't all these supposed to be relative to DocumentRoot? Am I missing something or are JkMount directives supposed to point to an absolute path? The docs say those are DocumentRoot relative paths - or to be more precise, those are URIs, just like uri section of workers2.properties in mod_jk2. Coule it be that those directives are inside a Directory ... and that *that* is causing file path to be assumed, instead of URI? Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Concurrent login detection - how?
David Rickard wrote: Don't know if this is an optimum solution, but it should work: Keep a List or Vector of IDs for active users in a shared, application-level object (probably ServletContext); When someone logs in, search the List for the submitted ID: if not present, continue with login sequence; if present, kick them to the duplicate login page; Remove IDs from the List when users log out (and add a ServletContextListener to catch people who leave the site without logging out--remove their IDs when their sessions time out); This is definitely a correct approach, but it has onw shortcoming. Suppose one user opens up a session (logs in) and his/her browser dies. The user opens another browser and tries to login, only to be kicked to duplicate user page. I think in this case, the original poster should have a vector or a hash map of user names and remote machine names/IPs. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RMI in Tomcat - last try
Woodchuck wrote: hihi Nikola, where are you placing your JAR files? are any in TC/commons/lib or TC/shared/lib? try placing everything together, just as a test. put *all* your classes and JAR files under TC/commons for example and give it a try... they should be able to see each other if they are at the same classloading hierarchy level... this is what i suspect your problem is http://struts.apache.org/userGuide/configuration.html#config_add Hi Woodchuck. I forgot to mention that, when I place ALL classes inside WEB-INF/classes, including the *_Stub classes, then it works. I guess in that case TC's classloader picks up the classes before RMI classloader and, since it is teh same CL, it works. This solution is a patch, as far as I am concerned, since copying all those classes to clients classpath (TC's webapp WEB-INF/classes) is actually what RMI is supposed to root out. If I cannot have server classes in RMI codebase (one place), then I can as well go use RPC or pure sockets/serialization. All of this still makes me believe that somehow RMI classloader should be introduced into TC's CL hierarchy. Or maybe install JBoss altogehter? Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RMI in Tomcat - last try
Hi all. Me and the team have given up on RMI and went to RPC, but I thought I'd make one last educational attempt. Is anyone using RMI in TC where TC is acting as a RMI client to a remote RMI, general-purpose, server? I have seen tons of (rather old) examples of Applet being a RMI client and they do not help me one bit. To remind the group of my problems, I'll recap. I have a working RMI client and server packages, plus command line test client application which uses RMI client lib successfully against the server. When the same lib is used in Tomcat from a servlet, it throws ClassCastException. Further investigation has shown that the class that Servlet gets from RMI subsystem implements the desired interface, to which it is being cast. It also showed that the classloader of the class was RMI ClassLoader, while other classes in the servlet, including servlet itself werefrom TC's ClassLoader. It lead me to believe that *that* is the source of the problem. It has occured to me that, since TC web application has several classloaders, bound into a hierarchy, maybe RMI classloader should be somehow introduced into it. QUESTIONS Am I on the right track? If yes, how do I bind in RMI ClassLoader into TC's ClassLoader hierarchy? And, lastly, who should do it - Servlet or RMI client? The last question is more a design question, but it could also be a feasibility question, too. Can RMI client detect a classloader it should bind into? It could be dome from the Servlet, but I would like to have a general purpose Servlet that would be oblivious of underlying implementation. I thought that at least JBoss developers would have something to say on this question, since, as I recall, JBoss uses or has been using a lot of RMI. There was one article or was it JBoss docs, which explained some problems of classloading, which were very similar to mine. I don't recall those docs saying anything to solve the problem in TC. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with security?
Gagnon, Joseph M (US SSA) wrote: Did I not say that I'm new to this? I made no mention to whether or not I was trying to make it secure. This is only meant to be used within my company's intranet and my intention was to take the user account and then compare it with a set of registered users in the application's DB. I am beginning to see that at the very least I need to create some kind of mechanism (although I don't understand yet how to go about that, or how many different ways it can be done) to perform user authentication. If anyone can provide information on how to do this (keep in mind I'm new at this), please let me know. HttpServletRequest interface gives you remoteUser() method to determine WHO requested the page. How server gets this is another story. Basically, some sort of authentication has to take place. Keep in mind that in production people usually place Apache as a front-end, which can have benefits in your case. There are several mechanisms available for authentication: - HTTP Basic (both TC and Apache can do this) unencrypted user/pass - HTTP Digest (both TC and Apache can do this) MD5 Digest hashing (secure) - HTTPS Client Certificate (both TC and Apache can do this) - HTTP Negotiate (TC cannot do this, Apache needs mod_krb_auth or similar module, IIS can do it) Basic is supported by all browsers, Digest is not so commonly supported (AFAIK), HTTPS is widely supported. Negotiate is intended for MS Active Directory, since it can go with Kerberos V. It requires advanced sys admin skills to setup, but it will give your users the ability to login to ADS and use those credentials for authentication to your application. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IE-Page not found problem
sudip shrestha wrote: Dude: Read the email first... I am informing of the problem after we experienced with IE... As you have said, YOU did not expirience it, since you're using FireFox. It would be most advisable to do two things: 1. Use IE yourself (I know, I loathe it, too, and prefer Mozilla+Tidy_HTML_Validator) 2. Look at the logs - pages that were missed should show up in the logs. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IE-Page not found problem
Rafa Krupiski wrote: Joe Plautz wrote: Simple, test with IE as well. yet simpler, tell your users it's IE problem and to use firefox instead :) It is still worth investigating. Mozilla/Firefox is eager to correct badly formed HTML, just as IE is. I would advise you to install Tidy HTML Validator in your Firefox and to weed out all errors and warnings, if possible. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Which is best practice for stowing objects, request or session context?
Adrian Beech wrote: Hi all, A work colleague mentioned on Friday it would be better to place objects (beans and the like) which had been created in a servlet into the request context when exposing them to the JSP. To date all the code I've written stores beans and the like in the session context and all has appeared to be fine thus far. I understand the nature of the various contexts and how they relate to the process life cycle, etc. Can someone please shed some light on this and possibly explain the merits of placing the objects in either context? For example, what are the pitfalls of using the request context? Is there any material around which adequately details when or when not to use the specific contexts? Well, the main merit of placing an object into the request scope is that it's life ends with the request, so you do not have to remove it explicitely. Objects placed in session fall into two categories: - real session objects - multi-request objects Real session objects are really tied to one session, like login id or such. Multi-request objects are for instance Struts ActionForms (beans that correspond to a HTML FORM), which need to be present during several requests - think wizard style FORMs and FORM validation handling. These situations require a (form) object to exist longer than just one request. The alternative would be to store the object in the DB between requests, which may range from awkward to problematic. What should one do if the session ends abruptly? Yes, you can have session listeners, which could track down all intermediary or incomplete objects, but is it worth the trouble. OTOH, loading a session with large objects can eat up the memory and affect not only performance of the system, but it's stability, as well. The art is finding the golden median. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RMI classloader issues in TC - second time
Hi all. I have been mucking around this for some time and have some empirical data and a question for the list. BACKGROUND --- I'm building a web client for a RMI client/server application. RMI server and client are working from command line. Next I built JSP/Servlet which uses that RMI client interface to give web GUI to the application. RMI server: SearchServerStub implements SearchRMI RMI Stub: SearchServerStub_Stub (I'm running in JDK 1.5.0, thus no *_Skel class) RMI client: SearchClientRMI Whenever my Servlet/JSP executes a method of SearchClientRMI, which has this in it: SearchRMI server = (SearchRMI) Naming.lookup( rmi://localhost/Search ); I get a ClassCastException: SearchSearverStub_Stub. I have inspected this from a debugger (JBuilder) and the class that is returned from Naming.lookup(...) is SearchServerStub_Stub, which DOES implement SearchRMI. TRIALERROR -- Well, fiddling around with the whole setup has given me a situation under which this works. If I copy SearchServerStub_Stub into WEB-INF/classes I do not get the exception. CONCLUSION -- I can say with 99% certainty that this is a classloader issue. TC sets up a classloader for my web-app which reads from WEB-INF/{classes,lib} - that I know. RMI has it's own classloader, as it must - that I also know. It looks like the class loaded by one classloader cannot mix with a class from another. I believe I have read something like that in one JBoss article. In this case my local webapp classloader is first queried, I guess, and it loads the requested class from it's classpath. In unsuccessful case, the _Stub class was loaded by RMI's classloader and thus the difference. QUESTION - Given my situation, what is your recomendation I should do? I can copy stub classes to the client, but that is awkward and IT IS NOT what RMI was intended for. It was intended for transparent and network located classloading. If I have to copy RMI stub classes (and, I suspect, implementation classes, too) to the client (web application, in this case), then I'm better off not using RMI at all. Can someone advise? Has anyone been bitten by this? I think this is mostly intended for the TC developers, not to forget JBoss group, too. But, anyone who has insight into this matter is welcome. I'm relieved to have a working solution, even if it is a patch-quality. I will have to evaluate the applicability of RMI in this situation. It could be that I'm doing something wrong here. Just to note, I'm not setting on TC anything RMI specific, like -Djava.rmi.server.codebase, only the security policy (and, boy, does that need being relaxed, I had to open connection to TCP ports 1024-65535). TYIA, Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
load-on-startup, but in Struts?
Hi all. Maybe this isn't a good list for this, but here goes. I know how to define load-on-startup for a Java Web Application, no problem there. My question is how do I do it for a Struts application? The trick is, I'd like to load some application parameters from the DB into the application scope. And the DB access definition is in the Struts DataSource. Due to restrictions on the server setup, I cannot have the admin setup a norma DataSource form my context, so I'm forced to use Struts' implementation. Don't warry, I'm not using the dumb GenericDataSource, but normal DBCP. It's just not defined in server.xml, but in ./WEB-INF/struts-config.xml So, my problem is, if I have a servlet that starts on application load, how can it access Struts' config and access the DB? I'd hate to have to hardcode DB access stuff. One thing that pops into mind is a servlet that uses HTTP client to trigger a load action, but it is un-elegant. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[Addendum] Re: Tomcat and RMI client - setup (ClasCastException)
Bill Barker wrote: Nikola Milutinovic [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] - setup catalina.policy - run it with -security option I'm on Windows XP, how do I enable security mode for TC? That's the idea. And, as a bonus, it works the same on Linux, Solaris, OS/X, . OK. I've realised that TC should handle security and now it works - on 5.0.19, imbeded in JBuilder. Well, I meant ot say it partially works. This is what I have set: -Djava.security.manager -Djava.security.policy=.../conf/catalina.policy -Djava.rmi.server.codebase=http://localhost:8080/MyApp/classes/ All seams to work except, I get a class cast exception when I cast this: Object obj = Naming.lookup( //localhost/Search ); SearchRMI search = (SearchRMI) obj; The funny thing is, when I inspect the result from the JBuilder, it shows that obj is of a class SearchImpl_Stub, which implements SearchRMI interface. I suspect I'm being hit with some RMI classloader issue, so my next question is: Has anyone done this? And what am I doing wrong? Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
TC and RMI ClassLoader issue
Hi all. I'm having problems with ClassLoader. I have a RMI client that calls a RMI server. What I keep getting as an error is a ClassCastException. This is the code: Object obj = Naming.lookup(url); search = (SearchRMI) obj; And the exception is: java.lang.ClassCastException at com.qspi.client.search.SearchClientRMI.setHost(SearchClientRMI.java:49) at com.qspi.client.search.SearchClientRMI.init(SearchClientRMI.java:33) at com.qspi.client.search.SearchClientFactory.getRMIClient(SearchClientFactory.java:87) at com.qspi.client.search.SearchClientFactory.getSearchClient(SearchClientFactory.java:38) at org.apache.jsp.search_jsp._jspService(search_jsp.java:68) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236) ... The client code works flawlessly from a JUnit test. What I have determined is that the object returned by Naming.lookup(...) is of a RMI ClassLoader. The returned object is a stub, which implements the SearchRMI, but if it is a different ClassLoader, I guess it cannot cast. I'm not sure why that isn't failing in JUint, but it is failing in Tomcat 5.0.x. I'm going to test it on some other installations I have, but I'd like a good explanation on ClassLoaders, if someone can enlighten me. How do others do this? Are there any tutorials for RMI in Servlets? Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat and RMI client - setup
Hi all. This might be a simple question. I have a working RMI client and server. I have tested it no problem. Now I would like to make a JSP/Servlet that will act as a RMI client and connect to the RMI server running outside Tomcat JVM. I keep running into access permission violations. I understand that I need to setup security policy, I had that for RMI. One thing than makes me slightly suspicious, is the fact that when I debug TC/RMI combo, I can see that my RMI client enters into setting up RMISecurityManager: if (System.getSecurityManager() == null) { goes in = System.setSecurityManager( new RMISecurityManager() ); } Is that OK? I thought TC would setup security manager. Now, my question is, what about Tomcat? If I want to run this, what do I need to do? If I get it, I need to: - setup catalina.policy - run it with -security option I'm on Windows XP, how do I enable security mode for TC? Am I barking up the wrong tree? Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: An unexpected exception has been detected in native code outside the VM.
David B Sullivan wrote: We're running Tomcat 4.1 on Sun Solaris 9, connecting to another Solaris 9 box running Oracle 9.2.0.1 and Java 1.4.2_05. When Tomcat tries to connect to the DataBase, it crashes, with the log file shown below. We can point Tomcat at another DataBase, same versions of everything, and it works fine. We can point to this DataBase from another server, with everything being the same and that works too. Not being knowledgeable of Tomcat or reading the traceback information, I really don't know where to start looking We're locked into versions because of the Application, so I really need to get this Version working. Can anybody tell me what this log file is saying?? Any info would be much appreciated. Thanks, cat hs_err_pid2578.log An unexpected exception has been detected in native code outside the VM. Unexpected Signal : 11 occurred at PC=0xEF8EDD88 Function=[Unknown. Nearest: vcharSizedNormalizeUTF+0x460] Library=/usr/local/matrix/1052/RMI/lib/solaris4/libvgalaxy-unicode.so.7 Current Java thread: at com.matrixone.jni.MatrixKernel.dbStartup(Native Method) at com.matrixone.jni.MatrixKernel.getKernel(MatrixKernel.java:47) This sounds like you're using Oracle's JDBC driver that is not Type-4 (pure Java). It is crashing in one of the external libraries. The immediate remedy is to use a pure Java JDBC driver. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IMPORTANT NEED Tomcat Connection advice
[EMAIL PROTECTED] wrote: Please, I need Advice for connections Hi guys. I need a technical advice using tomcat 5.0 Presently, tomcat server is used with JBOSS in a solution that I am developping for my clients. Users are connecting to the solution by invoking a servlet (runned by tomcat). If a user is auhentified, then I use HTTPServletResponse object (in the service method) to get the Outputstream of that object = HTTPServletResponse.getoutputstream) Then this stream will be use to handle communications between my client application and my custom Server Process (I need to send real time informations through this canal). Then you're messing it up. HTTP has no paradigm of a session, which is what you need here. HTTP has a very clear request/response model. It is not designed to hold the HTTP channel open indefinitely and will break off after a timeout. Timeout is configurable both on client and server sides. So, you can easily get server timeout or client timeout on the connection. And that is definitely not good for a realtime application :-) Even if you consider using HTTP/1.1 and Keep-Alive option, it will not help you, since it holds the TCP channel open, but request and rsponse may still timeout. Important = A client session can last several hours, so the life of the servlet is set to time infinite. Then you're definitely looking for some session oriented protocol, be it your own or something existing, like SSH (not your case), a generic SSL channel (if you need encryption) or something you build. In fact I had the idea delegate socket connection managment, to tomcat engine, by setting servlet life time to infinite. Is it a good way to do, or should I use a socket pooling algorithm (actualy, the server can freeze, after unregular amout of times, time for writing operation in the Output stream can increase until being totaly unusuable, I have to close, and reconnect) The objective is to handle more than 1000 client sessions. Please, i need a quick answer . Thank you for your help. Use servlets what they are intended for, please. Even if you succeed, somehow, you'll be writing most of the low-level code anyway, so why not go for a clean solution - one that you can control and configure yourself. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Force Non-SSL
August Detlefsen wrote: Is there no way to do it? SSL creates a lot of overhead for a site that is serving up 100MB image files. There are ugly or less ugly workarounds, like the one yahoo uses. Login can go against HTTPS, sets up it's version of session and then redirects the user to HTTP. There the server will pickup the user via a cookie or a URL containing yahoo's session. From there on, yahoo can use any session mechanism it likes. This, of course cannot be coupled with HTTP AUTH Basic. It is outside of that spec. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: html:errors/ blank page on invalid form
Andy wrote: Hi All, I'm unable to output any errors using html:errors/ tag, in Tomcat 5.5.7 I've tried numerous configurations and have now ran out of patience. As I haven't been using Struts for more than three days I hope somebody more experienced can point help me out. When I select Submit, entering data into my form fields so the form is parsed as valid, the forward works correctly. When I leave the fields empty, so the form is parsed as invalid, I just get an empty page back - which must be generated by Struts as it doesn't match any HTML I have. Check out the logs, you could be running into an exception. Also, set buffer size of 20kb on all your pages, while you're testing. Empty output can also be caused by an exception in the page itself, and buffer being already sent. Here is what I have in various files - logon.jsp - %@ page contentType=text/html;charset=UTF-8 language=java % %@ taglib uri=/tags/struts-bean prefix=bean % %@ taglib uri=/tags/struts-html prefix=html % html head titlebean:message key=logon.title//title /head body html:errors/ html:form action=/SubmitLogonForm.do table tr tdUsername/td tdhtml:text property=username//td /tr tr tdPassword/td tdhtml:text property=password//td /tr tr td html:submit/ html:cancel/ /td td/td /tr /table /html:form /body Looks fine, except for the buffer page directive. In LogonAction.java - public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception { if (isCancelled(request)) { log.debug(cancel pressed); return mapping.findForward(Constants.FAILURE); } Why would you consider Cancel a failure? Not that it will not work, but... LogonForm logonForm = (LogonForm)form; log.debug(username +logonForm.getUsername()); log.debug(password +logonForm.getPassword()); return mapping.findForward(Constants.SUCCESS); } You're not checking the login, but that's fine for a test. In LogonForm.java (I have getters/setters for HTML fields, and a reset method, not shown) - public ActionErrors validate(ActionMapping actionMapping, HttpServletRequest httpServletRequest) { log.debug(validate); ActionErrors errors = new ActionErrors(); if (FormUtils.isNullOrEmpty(httpServletRequest.getParameter(username))) { log.debug(logon.form.username.invalid); errors.add(ActionErrors.GLOBAL_MESSAGE,new ActionMessage(logon.form.username.invalid)); } You don't need to use GLOBAL_MESSAGE, that is wrong, I think. And use errors, not messages. My validation would read: errors.add( username, new ActionError( logon.form.username.invalid)); Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DBCP datasource works on 5.0.28 but fails on 5.5.9
Steve Kirk wrote: Thanks nix. Could it be that you've missed the fact that DataSource JNDI resource setup definition has changed in TC 5.5? It is no longer with those parametername.../namevalue.../value/parameter. Yes I already changed that. I used to use the approach you mention in 5.0.28, i.e.: ResourceParams name=jdbc/myResource parameter nameusername/name value.../value /parameter parameter namepassword/name value.../value /parameter etc /ResourceParams But noticed that the new 5.5 DBCP example used this approach: Resource username= password=... etc / So I switched to that, but still no joy. PS does it actually say in the docs anywhere that the parametername.../namevalue.../value/parameter approach is *NOT* valid in 5.5? If so then I've missed some docs somewhere, maybe there is other new stuff that I haven't seen. It definitely does not work in 5.5. I've used the config from the docs page with PostgreSQL and it worked. Other possible problem is that the driver class didn't load. Where have you placed the JDBC JAR? It goes either in ${CATALINA_HOME}/common/lib since it must be accessable to TC. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DBCP datasource works on 5.0.28 but fails on 5.5.9
Steve Kirk wrote: When TC starts up, the webapp deploys OK from its war file, and the context.xml is copied to the /conf/[engine]/[host]/ folder OK, without any parsing errors logged. The connection pool initially seems to work, in the sense that this code executes OK: Context ctx = new InitialContext(); String resourceString = java:comp/env/jdbc/ + config.getString(ConfigConstants.JNDI_DATABASE_RESOURCE_NAME); DataSource pool = (DataSource)ctx.lookup(resourceString); However, an Exception is thrown the first time that I do this: Connection conn = pool.getConnection(); This doens't mean much. You will get a DBCP object event if connection data is wrong. It will however fail on attempting to obtain a connection. In my oppinion it would be nice if it failed during web app deployment, thus not leading us to believe all is OK. Although it would be yet another source of frustration. And I can see an argument that failing to correctly setup a DataSource should not invalidate the entire web app, since it could be setup with N DataSources and inteligence to choose one that works. - Exception caught when establishing/testing database pool cause[0]: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null' This most commonly means that the definition of the DataSource resource lacks driver definition. Could it be that you've missed the fact that DataSource JNDI resource setup definition has changed in TC 5.5? It is no longer with those parametername.../namevalue.../value/parameter. Check it out. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache vs Tomcat WRT Security
David Smith wrote: I won't argue with no. 1 since I don't use SSL connectors in Tomcat. However, no. 2 can be mitigated with the commons-daemon project among other tricks and IMHO, not a valid argument against having Tomcat out front. Just my thoughts on the subject. :-) I'll just add to the mix... The way I see it, you will use Apache as a front end for other reasons. Some of them might be: 1. You already have a web site, into which you would like to plug-in your applications 2. You would like to use Apache's mod_rewrite 3. You would like to mix PHP, ASP, Perl or something else on your global site 4. You have a need for exotic authentication, like LDAP or Kerberos5/SPNEGO (read: MS Active Directory) 5. You have a need for any of those nifty modules of Apache 6. You would like to use dedicated servers for TC's application serving and load balance Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to access JSPs using servername/~username
Akhthar Parvez. K wrote: Hi, I used to access the html webpages using servername.(http://servername/~username) But I am not able to access JSPs in the above fashion. What could be added into server.xml so that I can access jsps using servername.(http://servername/~username) There is no ellegant solution, like in Apache HTTPD (UserDir directive). Firstly, Tomcat doesn't really care about users on the system or their home directories. Secondly, it deals with Web Applications, known as Contexts, rather than directories. Sure, you can keep your JSPs in a directory, but they can also be in a WAR file. So, with Tomcat there is no UserDir concept. What I usually do, is one VHost - one user account and then create webapps dir for TC web applications. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RE : Common vs. Shared
LERBSCHER Jean-Pierre wrote: -Message d'origine- De : Ron Heeb [mailto:[EMAIL PROTECTED] Envoyé : vendredi 6 mai 2005 18:18 À : tomcat-user@jakarta.apache.org Objet : RE: Common vs. Shared my understanding comes from this book i got: 'common is responsible for classes that are used by Tomcat and publicly available to all Web apps'. shared is like common, except that 'developers can place their own classes and JAR files into the shared class loader domain'. ${CATALINA_HOME}/server/lib is picked up by TC only ${CATALINA_HOME}/shared/lib is picked by all web-apps ${CATALINA_HOME}/common/lib is picked up by both TC and all web-apps ${Context_HOME}/WEB-INF/lib is picked up by that web-app only Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to access JSPs using servername/~username
Tim Funk wrote: There is the concept of user dirs ... http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/host.html See the section User Web Applications I stand corrected. I still prefer explicit context mappings. How would you deploy JNDI resources in userdir case? Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and SuSE 9.3...
Quinton Delpeche wrote: On Thursday 12 May 2005 14:12, Bjrn T Johansen wrote: But why do you use the Tomcat that comes with SuSE 9.3?? I am using SuSE 9.3 and Tomcat works like a charm.. (but I don't use SuSE's version...) Yeah ... I asked myself that same question 3 minutes ago. :( I guess I will go to a NON-SuSE version of Tomcat. I just normally like to use the ones that come with the Distro, because they are apparently tested and there should be NO issues... ...well I guess NOT. :( What happened to SuSE? They used to be professional... What version of Tomcat are using on SuSE 9.3? I have downloaded 5.5.9, but now I broke the one SuSE 9.3 install, so I will have to re-install first. You could try JPackage, but be prepared for dependency nightmare. *sigh* Should have stayed in bed today. ;) Sometimes... Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to access JSPs using servername/~username
Tim Funk wrote: ~user/public_html/META-INF/context.xml might do the trick. So, the magical name of the UserDir context is context? Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DBCP ClassCastException
Dhiren Bhatia wrote: I'm using BasicDataSource because javax.sql.DataSource does not have methods to set the driver class name, url, username/pwd etc. My app needs to support different databases and the driver is loaded based on which database is installed. You've got it backwards. It is the responsibility of a J2EE container to use whatever the implementatio it likes and set those parameters and then give your application just javax.sql.DataSource. THAT will make your application portable. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache+Tomcat
Praveen KUMAR wrote: Hello, I am little bit confuse in following decision: Should be use 1- Apache (2.0.54) + Tomcat (5.0.28) in production with tomcat listener (through Coyote connector) configured with mod_jk (1.2.12) with apache 2- Or Standalone Tomcat (with their standard apache provided by tomcat) What would be difference in both the scenarios in terms of performance and reliability? Scenario 2 is easier to implement, there are fewer things that can break and less config files to maintain. Scenario 1 gives you a unified setting of your web space. You just simply know that you have one front-end, Apache. In that case Apache receives the initial HTTP request and can handle parts of it. The most interesting aspect of such a setup are authentication and redirection. While Tomcat has some rudimentary aliasing, Apache is superrior when it comes to URL rewriting, redirections and proxying. On the field of authentication, Tomcat supports HTTP-Basic, HTTP-Digest and SSL-based authentication. Apache can add to that SPNEGO (Kerberos5, read Microsoft Active Directory Service), plus several backend mechs for the Basic and Digest (LDAP, MySQL, PostgreSQL,...). Tomcat can only benefit from that. My advice to you, if you're learning or experimenting, use Tomcat StandAlone. If you're thinking production, gather your requrements and see what fits you best. It could again very well be TC standalone. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: upgrading a servlet
Zohar Amir wrote: Hello, I'm using Tomcat 5.0.28 on Red Hat linux. What is the correct procedure to deploy a new version of the same servlet? If the servlet is in WEB-INF/classes/... upload the class file. If it is in a JAR in WEB-INF/lib/... upload the whole JAR. The reload the web application (context). You can use either Ant or TCs internal admin/manager application. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
(Maybe not so) strange behaviour of request.getRequestURL()
Hi all. I've been struck all of a sudden with this. servletRequest.getRequestURL() returns null. Now, thinking about it, I can give some facts that might shed some light on it and I'm pretty sure I know why it is happening, just want to confirm with you guys. And just wandering if anyone can tell *what* is happening. I repeat, I think I know the cause. I'm building a Struts based application and I had a Struts Action that was, at one point, extracting the URL and playing with it. All of a sudden it stopped working, belching with NullPointerException. Same method, no change. One thing that I DID change was Struts chaining. I have created another action that is in front of it and chains in on that one, without redirects. This effectively means that I have one active component, like a Servlet (OK, Struts Action is not *exactly* a Servlet, but it is very close), which forwards to another. It would appear, that the second component in the chain of request handling is either loosing or is never getting some request properties. So, my questions are: 1. (obviously) Has anyone else seen this in Struts? 2. What would have happened in the case of real Servlets? Suppose I create 2 Servlets, have one forward to another, will the second Servlet be able to get request.getRequestURL()? It could be that this is Struts' mucking around, but it could be that it is a feature of JSP/Servlet specification. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Why 8080 and 8443 ..?
David Whitehurst wrote: Chuck: Could you elaborate on what those parameters would be? A port is just a number. I'm trying to understand the history, but I would appreciate your comments on the other things required to make Tomcat production ready on top of just changing the Coyote connector from 8080 to 80 and 8443 to 443? The history is relatively clear. Normal Internet ports for HTTP/S are 80 and 443. Since Tomcat is usually running first as a test project on some machine that already has a web server, in order to avoid conflicts or (which may even be worse in test situations) having ot connect Apache and TC, it is most reasonable to shift those ports. Since TCP:0-1024 is already overbooked with registered services and TCP:1024-x has a lot other registered services, it seamed reasonable to place it at 8000 + 80,443. As for production, you have several things to consider. Do you want to run TC standalone or behind Apache? Most likely you will not want TC to run as root, so you will have a dedicated account for TC, like tomcat or tomcat4 or tomcat5. You need to setup file permissions so that TC can access the files it needs. If it is running standalone, you need to allow TC to bind to ports 80 and 443, something best accomplished via Apache Jakarta-Commons Daemon and JSVC. If it is running behind Apache, you need to setup a connector, like WARP (mod_webapp - prehestoric, but the ISP I'm working for at this moment uses it), JK2 (good, but abandoned and merged into JK) or JK. And all of this needs setting up. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: OT: Good taglib repository - looking for date hadling tags
Rahul Akolkar wrote: One such repository: http://jakarta.apache.org/taglibs/ I feel dumb not looking there first. Alas, I'm not in a position to use them, can you believe that? I'm using Struts 1.1 and it just doesn't live well with JSTL. Tried it and had XML parser errors during application deployment. This problem had been noted by others and the only solution was to remove JSTL. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem Binding Tomcat to Ports 80/443
Craig wrote: Hey Tomcat Users! I am having a very desperate problem with Tomcat. I have a demonstration due later today, and the script I have been using to run tomcat (5.0.27) on ports 80/443 doesn't seem to do the job -- though it had been workingfor weeks up until a restart earlier today. I'm getting these kinds of errors in catalina.out when I try to start it on port 80/443: Apr 26, 2005 1:23:55 AM org.apache.coyote.tomcat5.CoyoteConnector pause SEVERE: Protocol handler pause failed java.lang.NullPointerException ... Apr 26, 2005 1:24:04 AM org.apache.coyote.http11.Http11Protocol init SEVERE: Error initializing endpoint java.net.BindException: Permission denied:80 I don't have anything running on ports 80 or 443, as a netstat -ltun shows: Then you're running TC as an unprivileged user (tomcat4 or tomcat5) and only superuser can bind to ports 1024. Or, as a long shot, maybe you've enabled security, but TC should be able to bind to 80/443 with default security setup. Anyway, I suspect it is the unprivileged user issue. It can be resolved in three ways. 1. Run TC behind Apache, which would run on ports 80/443 and TC would be connected via mod_jk (or mod_jk2, if you're sentimental/more adapt to it) 2. Run TC as root, since it is a demonstration, that additional risk is not going to kill you, but it is definitely not for production. 3. Run TC via Jakarta-Commons Daemon and it's JSVC Solution No2 is the fastest, try it out and if it works, you can calm down and play with the other two. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: need help
Robert U. Chan wrote: Good day! Hope somebody can help me with my current problem in tomcat. I have been seeing an 'error in getDescSql in StaticMethod' in the console of tomcat. Can somebody help me know the cause and solution to this problem. This could be some SQL code in your web app. For instance, it could be a JSTL SQL tag or something like that. Something that is using logging facilities to print it's error messages. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
OT: Good taglib repository - looking for date hadling tags
Hi all. This is not exactly a Tomcat question, but since there are so many of us developers (and admins) around, I thought I ask. Is there a good repository of free JSP tag libraries for some common things, like date printing/formatting, table display, etc? When I say, date printing, I mean, if I have java.util.Timestamp, or even better, java.sql.Timstamp, I'd like a tag that can print that as a date or just time or a full timestamp. For tables, I think I saw somewhere a tag that could print a collection as atable with alternating style for rows, allowing you to format it with CSS. What are you guys using when you need to print a date from a timestamp? Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat with PHP?
Cameron Sim wrote: Thanks mate. From: andrew [EMAIL PROTECTED] Reply-To: Tomcat Users List tomcat-user@jakarta.apache.org To: Tomcat Users List tomcat-user@jakarta.apache.org Subject: Re: Tomcat with PHP? Date: Tue, 19 Apr 2005 11:04:41 +0200 Dear Cameron, You will need to use Apache with PHP, and use the Tomcat/ Apache connector so that apache pushes the requests through to tomcat (jkmod) Effectively you will have 2 seperate applications, and use the URLs/ browser requests to talk with each other Also note that there is a PHP servlet for Tomcat (or any other JavaServlet/JSP container), but I have no information on the list of PHP modules supported by that config. It could be that that PHP servlet is just calling PHP CGI version (most likely), so anything you load will run. Calling any CGI from within a servlet is a definite slowdown and is to be avoided, if possible. One thing also worth noting is that PHP is not thread safe. The core of PHP is (most likely) thread-safe, but a number of external libraries linked to PHP sub-modules are definitely not thread-safe. This forces us to run Apache 2.0 in Pre-Fork mode instead of full-blown Multi-Threaded. This in itself is not catastrophic, but is annoying. I don't know what are the benchmark comparisons between the two, but they must be in favour of MPM, otherwise Apache team would have dropped it a long time ago. Bottom line - it would be nice if you could weed-out PHP from your application altogether and have a Tomcat-exclusively server. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: can't see a tomcat installation on home network
Greg Baynham wrote: I can ping to the Linux box, but not telnet. Nowdays NOBODY enables Telnet, unless they are totally sure the network is safe. And with the presence of freeware SSH clients, like OpenSSH on Linux and PuTTY on Windows, nobody has to run Telnet, even on safe networks. Try SSH, instead of Telnet. Download PuTTY and install it. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: images/static content in jar
Don Hill wrote: I have a war that has folder like /images and /content, is there a way to config tomcat so that I can package these in jar, I know I can write a custom servlet todo this but I would like this to be handled by the servers servlet container. The reason this is my concern is that I think that the servlet container has a better model for handling request rather than a servlet that has to invoke a openStream, seems this would cause some contention and perf issues. Just to clarify (not really offering a solution, sorry). The reason why you want to do that is to have some ability like skins in Mozilla and other products, right? I mean, all static content can be a packaged into a WAR file, if packaging is what you need. If you'd like to have skins for your application, even dynamic skins, I'd sugest a servlet that would unpack/remove all static content from a set of JARs. A skin change would: - unpack a new JAR to a temp dir - stop or pause the application - mv static dir to some other name - mv temp dir to static - un-pause application - cleanup Access to static content would still be better off being handled through a servlet, how would you expire the old data otehrwise? Imagine half of your skin being new and the other half old... Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can you use Tomcat when you are not on line?
Vaneet Sharma wrote: :) Well to test to examples, it connects to internet ( may be) The problem is in IE. If you're offline, it is also offline. And IE cannot connect to a server (any server) if it is offline. Just go to file menu and place it online, no need to connect. Or use Mozilla (I just love that HTML validator in Mozilla, it rocks - look for Tidy HTML validator for Mozilla). Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Slightly OT] MVC approach when JSP are not allowed
Elihu Smails wrote: I am working on a project that uses servlets exclusively. I would like to take advantage of a Model-View-Controller system in order to develop my servlets. For the last servlet project I worked on, I was in charge of the back-end data processing and did not have to mess with HTML. This time I do have to roll up my sleeves and play with HTML. So I ask the question. Since the requirement that I have is to use servlets only, can I use something like Struts or Java Server Faces? I am reading some information and it looks like they both rely on JSP to ge the job done. Struts can help you, but the views will have to be done as JSPs. Of course, you can alway compile JSPs into servlets, Ant can help you with it. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
One quick question on running TC in security mode
Hi all. I'm faced with a situation where I need to deploy an application on a server that is running TC 4.1 with -security option enabled. I have figured out that I need to edit catalina.policy file and grant my application permissions. I'm testing config on my home machine running 5.5.7. Now I'm slightly baffled. The application needs to connect to a DB, send mail and write/read files from the file system. All is well except mail sending. This is my catalina policy file: grant codeBase file:/home/test/webapps/test/- { permission java.net.SocketPermission localhost:5432, resolve,connect; permission java.net.SocketPermission localhost:3306, resolve,connect; permission java.net.SocketPermission localhost:25, resolve,connect; // permission java.net.SocketPermission localhost:*, resolve,connect; permission java.io.FilePermission /, read; permission java.io.FilePermission /-, read; permission java.io.FilePermission /tmp/-, read,write; }; And this is what I get when a JSP page tries to send an e-mail: *root cause* java.security.AccessControlException: access denied (java.net.SocketPermission localhost resolve) java.security.AccessControlContext.checkPermission(AccessControlContext.java:264) java.security.AccessController.checkPermission(AccessController.java:427) Any idea what is wrong? Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: One quick question on running TC in security mode - still problems
Nikola Milutinovic wrote: Hi all. I'm faced with a situation where I need to deploy an application on a server that is running TC 4.1 with -security option enabled. I have figured out that I need to edit catalina.policy file and grant my application permissions. I'm testing config on my home machine running 5.5.7. Now I'm slightly baffled. The application needs to connect to a DB, send mail and write/read files from the file system. All is well except mail sending. This is my catalina policy file: grant codeBase file:/home/test/webapps/test/- { permission java.net.SocketPermission localhost:5432, resolve,connect; permission java.net.SocketPermission localhost:3306, resolve,connect; permission java.net.SocketPermission localhost:25, resolve,connect; // permission java.net.SocketPermission localhost:*, resolve,connect; permission java.io.FilePermission /, read; permission java.io.FilePermission /-, read; permission java.io.FilePermission /tmp/-, read,write; }; Heh, found one cause, the mail jars were not in my WEB-INF/lib, but in the ${catalina.home}/common/lib. Now, I have modified the catalina.policy file: grant { permission java.net.SocketPermission localhost:25, resolve,connect; permission java.net.SocketPermission localhost:3306, resolve,connect; permission java.net.SocketPermission localhost:5432, resolve,connect; }; Now sending starts, but I get the following exception: javax.activation.UnsupportedDataTypeException: no object DCH for MIME type text/plain Am I missing something? When security is turned off, mail gets sent. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Equivalent of Resin run-at servlet configuration
Subramanya Sastry wrote: Hello, I am developing a Java web application, and one of the requirements is to run a particular servlet periodically, or even at specified times. Resin provides this ability via its run-at configuration element for servlets in web.xml Example Resin configuration: servlet servlet-namedownload/servlet-name servlet-classDownloadNewsServlet/servlet-class run-at period='360m'/ /servlet However, I haven't found an equivalent configuration for Tomcat. I searched the web and was unsuccessful. So, any pointers as to how I could achieve this for Tomcat would be appreciated. There is none and shouldn't be any. I understand the need to run periodical tasks, but J2EE specification, prior to 1.4 has no such provisions. Further, Servlet/JSP specification has no such provision, even in J2EE 1.4. You'd be best advised to setup a cron-job to perform this periodic activity. There are several good HTTP client packages out there, Jakarta-Commons HTTPclient, to name one, that will help you in building the client side of your cron-job. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JavaMail API ?
Hi all. I'm running Tomcat 5.5.7 on Windows XP and Sun JDK 1.5.0_01 I notice that JavaMail API is missing from BOTH Tomcat and JRE. There is no javax.mail.* hierarchy in ${JAVA_HOME}/lib/rt.jar As a consequence, I cannot use Mail API (javax.mail.*) without adding javamail-1.3.2.jar to ${CATALINA_HOME}/common/lib. What is the story on this? Is JRE 1.5.0 supposed to have or not to have javax.mail.*? Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JavaMail API ?
Nikola Milutinovic wrote: Hi all. I'm running Tomcat 5.5.7 on Windows XP and Sun JDK 1.5.0_01 I notice that JavaMail API is missing from BOTH Tomcat and JRE. There is no javax.mail.* hierarchy in ${JAVA_HOME}/lib/rt.jar It is also missing JAF (Java Activation Framework). I mean, no problem, I CAN get a hold of those JARs, but really, what's the story? A simple mistake on Sun's or TC team's part? Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JavaMail API ?
Frank W. Zammetti wrote: I wouldn't have expected to see them in Tomcat frankly... Although sending eMails from a webapp is relatively common, it's not common enough to be included with an app server (well, except for Websphere, which generally includes everything under the sun!) I am kind of surprised it hasn't been incorporated into JDK1.5 though, that would have been a reasonable expectation. Is it perhaps rolled into J2EE instead? I don't know. Same for JAF. Most of you responded that JavaMail and JAF are a part of J2EE, while Tomcat provides only a subset of J2EE. I agree with that. The reason for my post was the fact that: 1. TC 4.1 has JavaMail support, just as TC 5.0 (at least in JPackage version) 2. TC docs for all versions list a JavaMail over JNDI example Rolling JavaMail support into TC 5.5.7 wasa breeze, but you should warn people of this. Or I wasn't paying enough attention to docs (which could also be the case). Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Startup
Caldarale, Charles R wrote: From: Nikola Milutinovic [mailto:[EMAIL PROTECTED] Subject: Re: Startup While 5.5.7 can be made to run on JDK (not JRE) 1.4.x, it is not intended for 1.4 series. I suspect that would be news to the developers. The 5.5 branch runs perfectly fine on the 1.4.2 JRE (the JDK is _not_ needed), as long as the compat.zip download is added to the primary download. 5.5.7 is also noticeably faster than 5.0.30, even on the 1.4.2 JRE. :-P I didn't say it cannot work. It can, but it has been stripped of APIs that are provided with 1.5.0, which are not present in 1.4.2. Which is why you need that compat.zip, right? I'm not sure if there are any other improvements over 5.0.x series, other than that. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Startup
patrick et michelle wrote: Hi there, I'm a newcomer in Web technology and I need to understand how to configure Tomcat 3.3 First of all, current versions are 5.0.30 and 5.5.7 (for JDK 1.5.0, or actually JRE 1.5.0). While 5.5.7 can be made to run on JDK (not JRE) 1.4.x, it is not intended for 1.4 series. Version 3.3 is really ancient. Series 4.x.y was the helm of Servlet 2.3 and JSP 1.2 specification, wjile 5.x.y is helming Servlet 2.4 and JSP 2.0 Go for 5.5 if you can, otherwise 5.0.30, unless you're crippled with some exotic OS that has no JDK 1.4 written for it. If it has a regular 1.3, go for 4.1.x In fact, I can see that the servlets examples offered with tomcat are located in tomcat\jakarta-tomcat-3.3.2\webapps\examples\web-inf\classes\whatever.class Although, the URL to invoke these servlets is HTTP://localhost:8080/examples/servlet/whatever.class This is just in case the invoker service servlet is active. That is not the default on 4.x and higher Tomcat's. How is this URL-directory path relation done ? (through what config file / what command / TAG ??) Invoking URL is configured for each Context (or Java Web Application in Servlet/JSP specification). You are free to map it anywhere you like. If I want to build a web application and want to put a new directory structure, where do I put it and what configuration files do I have to modify in order to be able to invoke them through a URL. For your new web application you must configure a Context within the desired VirtualHost. The Context in question will tell Tomcat where to look for the files and where to map the application in the URL space. Can somebody provide me with a step-by-step ? Go to jakarta.apache.org, look for Tomcat and read the docs. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Starting up Tomcat when the Linux starts up
David Smith wrote: Depends on your flavor of linux. Mandrake (I've heard RH is similar) stores the init script in /etc/init.d with a sym link in /etc/rc[runlevel-here].d. For example, if your script is tomcat5, then tomcat5 would be stored /etc/init.d w/ a sym link to it from /etc/rc5.d. 5 being the runlevel where X is started and run. The name of the sym link is S[some-priority-number]tomcat5. Take a look at your linux docs and other services for more info. Low numbers are started first, high numbers last. Tomcat's console output is usually redirected to logs/catalina.out. Perhaps a good pointer on how to do it is JPackage (http://www.JPackage.org), they have tons of Java packages in RPM form. Tomcat is at 5.0.28, I think, but it can give you a clear picture on how to do it. Oh, and they also have source RPMs, so maybe you cna build your own RPMs... Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Free online presentation on native webserver integration and Tomcat
Remy Maucherat wrote: Hi, Mladen Turk and myself will do a free (registration required) presentation tomorrow (Wednesday, February 23, 2005 at 1pm Eastern Daylight Time (GMT -04:00, New York)), mostly on native web server integration with Tomcat. http://www.jboss.org/services/online_education Topics which will be discussed include: - short intro on Tomcat inside JBoss - mod_jk configuration - presentation of upcoming mod_jk features - mod_proxy presentation Nearly half of the presentation will focus on ongoing native connector development and roadmap. It will be concluded by a demo of a failover scenario featuring the newly added jkstatus. I know there are quite a few people who are a bit confused about where this part of the Tomcat development is going ;) Will this be downloadable, by any chance? Some of us can't make it and have a shoddy Internet connection... Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk vs. jk2
Matt wrote: If jk2 is abandoned, why would I use it over jk_1.2.8? Platform reasons? Feature reasons? Performance reaosns? Other? Anyone? Well, for one, it works and I have a ready to run config files. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Content-Type removed from the Http Response when file is accessed through Tomcat Connector
Bedrijven.nl wrote: maybe security (settings) of ie?? The poster clearly indicated that the thing works on Tomcat direct port. Could be that JK is stripping that header. Maybe it expects web server to provide it's own? You could try to setup MIME type on the Apache itself and see if it fixes the problem. I do realise that this is highly impractical, in a general case scenario. JK shouldn't strip that header. The question is, is it being setup by Tomcat in the first place? I mean, is Coyote JK actually removing or not creating the header in question? Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Hiding resources
Mario Winterer wrote: Hi! I'm running a web application that is under CVS, which means my web application contains a lot of CVS-related directories (for the CVS-metadata). Is there a possibility to tell Tomcat to hide or protect all those CVS directories? More general, what I need is a way to hide/protect all files or directories with the name pattern */CVS/*. As far as I know, neither a servlet/filter-mapping nor a security constraint support this type of pattern (with two wildcards). So I think, the only way to protect my resources is to implement a custom filter that is mapped against / and checks every incoming request. Is there a better approach? Yes, there is. Use some build tool for your operations, like Apache Ant. Ant can pull neccessary files from the CVS, copy them to the staging area, package WAR and deploy it to Tomcat. All nice and clean. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Multiple hit from one user problem
Dola Woolfe wrote: Hi, Since this doesn't appear to threads issue I'm taking it out into a separate thread. I'm running TC 5.4.4 on port 80 with no Apache on XP Pro. A colleague on mine has an Excel spreadsheet attempts to perform about 2000 very short queries, most likely in sequence. About half of the way through, the server stop responding to him. When he then uses the browser to go to one of the pages served by the server he gets a page cannot be displayed. After about 2 min (we never really timed) things return to normal. This sounds like resource exhaustion. Either the client is holding HTTP connections open (Excel? No, it could not be so ;-) ) or the server is not releasing DB connections. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ?? Sharing the JSTL JARS and Classloading ??
Wendy Smoak wrote: From: Tony LaPaso [EMAIL PROTECTED] You have some good points, Jake. Thank you for the response. If you happen to run across the statement from Craig M. regarding Struts I'd like to see it. http://struts.apache.org/faqs/kickstart.html#jar The struts.jar file MUST be in each webapp, and not in any common location. Disk space and memory are cheap, I'd rather each webapp be a self-contained entity than to have to bother with making sure each server has the right things in various places. Not to mention that if I want to play with a newer version of some library, I don't risk breaking existing apps by replacing the common version, nor confusing the class loader by having both the old and new versions on the classpath. One other note - Tomcat gives you a framework contract, a contract defined by JSP/Servlet specification. There is no mention of JSTL in it. Thus, it is unwise to make it shared, since it involves making the JSTL more internal than external, from Tomcat's point of view. The situation with JDBC drivers, for instance, is slightly different. For use with DataSource mechanism, you have to place JDBC driver in shared area. But, on the other hand, DataSource, although not a part of JSP/Servlet specification, is not exactly external to the whole story. I understand the desire behind the original idea. I build packages myself and that usually leads me to not placing one content in several places. How about placing the JARs someplace public, OUTSIDE Tomcat, and making symbolic links in the web application's area? Again, that WILL make the web application in question dependant on some JARs not present in the package. If you're prepared to make your own RPMs no big deal. So, are you? :-) Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication - Best practice
Rajaneesh wrote: Hi, It uses Base64 for sending the data. Heard that Base64 data is easily compramised compared to SSL. Please correct me if I am wrong. You are not wrong. HTTP Basic authentication uses base64 encoding of user credentials. base64 is encoding, not encrypting. The only thing you need is a program to decode it. UNIX has a freeware utility base64, which can do that. SSL is encryption using asymetric+symetric encryption. Asymetric is used for the initial handshake/negotiation (usually RSA) and symmetric is for the channel traffic encryption (usually 3DES). Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: apache2 tomcat5 jk2 questions
Casas, Claudia wrote: No way! I just got my server completely working on jk2! Does anybody have any links or resources that talk about this. If this is really a big issue, I will definitely move back to jk Sorry. I was as bitten by the news as you are. The thing is, if it is working, not only shouldn't you fix it, but relax. JK2 is OK - if it works. It is a stable mechanism, it is just not going to be developed any more. If the present functionality satisfies you (as it does satisfy me), keep on using it. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: workers2.properties
Troy Simpson wrote: How does Apache2 find the workers.properties file? According to page 245 of Professional Apache Tomcat 5, it says: These settings provide detailed information about the configuration setup to Apache2, including the location of the workers2.properties file and the debuggin level of the config component. # config settings [config] file=APACHE2_HOME\conf\workers2.properties level=INFO debug=1 How can Apache2 find the workers2.properties file if its location of the workers2.properties file is inside the workers2.properties file? :-) A good point. That entry in workers2.properties should be mostly informational. If you're placing that file some place other than default or you wish to make absolutely sure where it's located, use Apache directives for mod_jk2: IfModule mod_jk2.c JkSet config.file=/usr/opt/Apache-Mod_JK2/conf/workers2.properties /IfModule That is what I place in my httpd.conf (or in my setup, ${ServerRoot}/add-on/jk2.conf) Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: common image practice?
D. Stimits wrote: I'm looking for a good or best practice to deal with site-wide logo type files...things that will never change, and that every app will want access to. This is on linux, but enabling sym links just seems to be an admin/backup complexity, and duplicating logos in every project also seems wrong. I see the shared directory looks ideal, but apparently this is only for classes or libraries. Perhaps a simple logo loader class in the shared folder would be most convenient, but I have to wonder if loading something as simple as a small logo should have to use the overhead of going through a class. You could place logos and such common stuff in a separate globa path, otside all webapps (like in the webserver ROOT). This is totally un-self-contained. A slight imprvement is to have a set of common classes that know what that global path is, could be configurable. That would make you semi-self-contained. A completely self contained solution is hard to achieve, if not impossible. How can anything OUTSIDE your webapp be a part of self-contained module. I mean, it's outside... Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSTL/JSP/regexp Question
Jack Lauman wrote: I'm using the following code to return results from drop down menues and user input text. It works fine as long as the text is an exact case sensitive match to the data record. What I want to do is evaluate the output the results of a user input search based on 'param.field' in figure 3. i.e. If 'param.field' = 'name' use a regex or some other method to return all records that are a partial, case insensitive match to the input 'value' that was submitted in the search request. Is this possible to accomplish in JSTL? If so I'd like to know how. Jakarta has two RegExp projects, RegExp and ORO. Maybe you could build a bean around one of them and do RegExp yourself. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK/JK2 connector className?
Thomas Charles Robinson wrote: !-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -- Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8009 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=10 debug=100 connectionTimeout=0 useURIValidationHack=false protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler/ It says in the comment that it is a 'Coyote/JK2 AJP 1.3 Connector' but can I use this with a JK connector? Actually, is the org.apache.coyote.tomcat4.CoyoteConnector compatible with JK? Also, will the org.apache.jk.server.JkCoyoteHandler provide the correct connection to apache (2.0.50) running mod_jk (1.2.5)? I am trying to comprehend the docs but not having much success/fun with them. Can someone further my enlightenment, please? Heh, the AJP 1.3 channel consists of two ends, Tomcat end and Web Server end. The Web Server end is your mod_jk/mod_jk2 (and soon to be, mod_proxy_ajp), while the Tomcat end is the Coyote connector. So, whatever Apache module you use, be it JK1 or JK2, you will use the same connector class on the Tomcat side. It is not JK1/2 specific. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Strange Authentication Behavior
Peter Neu wrote: Hello all, does anyone know what I means when I get this error message: The requested resource (/favicon.ico) is not available. when I try to log in via form authentication. This error occurs when I use Firefox. /favicon.ico is a semi-supported feature, introduced by IE5, if I'm not mistaken, but now dropped by IE6. It allows a web designer to associate an icon with the web site. This icon usually apperas in your location par of the browser, usually on the left of the URL. I don't think it has anything to do with FORM authentication. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: which to use: JK2 or JK?
Ralph Einfeldt wrote: Sorry, but I think you are wrong. There have been several post in the last days from the developers, that clearly say, that there will be no further development for mod_jk2. This saddens me. I was under th impression that JK2 was more advanced. What are the reasons for abandoning it? The concept of workers, channels and such stuff was great, although it took some time to grasp. Some features of mod_jk2 will be ported to mod_jk. Is there any comprehensive documentation on this? Also, if we are to drop JK2, will there be an effort made to make comprehensive documentation on JK1? The other development is mod_proxy_ajp as part of the apache webserver project. That's for the Apache 2.2. Nice to know, but in the distant future for me. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Form Authentication Trouble with Firefox
Peter Neu wrote: Hello everybody, I'm using form authentication to log on the users to my website. Until now I was using Mozilla Firefox for developement but now I came across this problem that Firefox doesn't allow a clean log in and always redirects to the error.jsp. The authentication is correct because it works with the IE. Does anyone have this problem, too ? If not this means I can't serve any Firfox clients. Are you sure you're doing it right? No offence, but I've seen FORMs that seemingly worked on IE, but refused to work on Mozilla and vice versa. Your FORM should (or must, depending how you feel about standards) be HTML 4.0 correct. You should also try to find out what is actually being sent dfferently. A sniffer or a filter on the Tomcat could do that. Or just direct the form to some JSP that will print out the request parameters. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: which to use: JK2 or JK?
Erez Efrati wrote: Hi, I am installing an apache + JBoss/tomcat and I need to run the JK module. Now I understand that the JK2 is no longer supported so does it mean that it would be better using JK1.2? What do you mean by no longer being supported? The current status is thet JK1 is considered production grade, while JK2 is still, well,... not in Beta Phase, but something like a successor to JK1. We're using mod_jk2 2.0.2 and it has been running smoothly for almost a year. I prefer JK2 to JK1, but that is my preference. JK2 will be the official connector in the future, so if it works for you, stick with it. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Hi
Simon Kelly wrote: Craig, FYI : There was a worm virus in one of the attachments you sent out. Time to virus scan your sun box ;o) It is NOT Craig! Todays (and yesterdays) viruses forge the sender's email address. They usually pick one from the address book. So, the only thing we can conclude is that someone subscribed to this list and having Craig's e-mail in his/her address book is infected. The only way to tell for sure is to track down the IP and from that to track down the infected machine. ISP dial-in accounts can and does complicate matters. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: FW: Virtual host (JSP) in Apache+Tomcat+Mod_jk
Batpurev wrote: Dear all, I am sure the list is always talking and discussing about Virtual host (JSP) in Apache+Tomcat+Mod_jk problems. Though I need some advices from experts or experienced people in this list. There are three (sometimes complex) steps to take: 1. Setup Tomcat VHost 2. Setup Apache VHost 3. Setup mod_jk2 URI mapping For step 1, test it with Tomcat's regular Coyote HTTP connector. You must be able to access your web app as http://vhost.domain.com:8080/path/ For step 2, check Apache http://vhost.domain.com/ For step 3, it is recomended to make specific URI maps and map just the URI you wish to go to Tomcat. Other that this, I had no issues in the past. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: channelUnix.file is missing
FM wrote: Thanks, I modified my jk2.properties but now in catalina.out I have : INFO: APR not loaded, disabling jni components: java.io.IOException: java.lang.UnsatisfiedLinkError: /usr/lib/httpd/modules/jkjni.so: /usr/lib/httpd/modules/jkjni.so: undefined symbol: apr_md5_final How can I load APR ? This is a common problem on Linux, I believe there are a couple of HowTo-s. Basically, when building it, you need to either manually or by modifying the Makefile, add -lapr -laprutil to link flags for jkjni.so. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: channelUnix.file is missing
FM wrote: I read that tomcat is supposed to create the channelUnix.file=${jkHome}/work/jk2.socket file. But it did not. I use the binary of tomcat, do i have to use src to be able to use unixsocket ? In order to use a UNIX file system socket, you need to build and use jkJNI.so alongside mod_jk2.so. jk JNI is Jakarta (mod_jk2) Java Native Interface and is neccessary for UNIX sockets, since that concept is non existant in JVM. Then you need to tell Tomcat (actually Coyote JK2 module) where that shlib is, in order to make it possible to use UNIX socket. This is from my jk2.config # # Environment # jkHome=Apache-2.0.50-Jk2-2.0.4 jkUSR=/usr/opt/${jkHome} jkVAR=/var/opt/${jkHome} # Set the desired handler list handler.list=apr,request,channelUnix # # APR # apr.NativeSo=${jkUSR}/module/jkjni.so apr.baseDir=${jkVAR} apr.aprHome=/usr/opt/Apache-2.0.50-W apr.soExt=so # # UNIX file socket channel # channelUnix.file=${jkVAR}/channels/jk2.sock - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: OT 32/64 bit classes
Dale, Matt wrote: Hi, We will shortly be moving over to a 64 bit JVM from a 32 bit one. My question is, are the classes the same between 32 bit and 64 bit? or do I have to rebuild both tomcat and the application? Every JVM on this planet uses the same Java ByteCode, which means that there are no 32-bit or 64-bit Java Classes, just Java Classes. I've run Tomcat on both PC/Linux (32-bit) and Alpha/Tru64 UNIX (64-bit), no problem. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: OT 32/64 bit classes
Giuseppe Briotti wrote: Every JVM on this planet uses the same Java ByteCode, which means that there are no 32-bit or 64-bit Java Classes, just Java Classes. This is not really true ;-) The java byte code depends on target option for javac ;-) Aha. Yes, but it has nothing to do with 32/64-bitness. I believe that backward compatibility is OK. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache, Tomcat and mod_jk2 - question about layout
Allen Williams wrote: Second request: Would you post what you did to integrate the two? I've followed all the clues on both apache and tomcat websites, which is exactly what it says in three books I've got, and I still get a File Not Found error from apache when I go to the dynamic content. Is there some reference and description of the parameters and values for the workers.properties, jk2.properties, and httpd.conf files? Although the Jakarta website has some of this, the examples showing the parameters being used are pretty sparse. What does JkMount do? I can't find this documented anywhere. I assure you, I've spent DAYS on the websites, in the books, and looking for documentation whereever I can find it. First of all, enable mod_status and mod_info, those can help a lot, when you're in doubt. Second, one of the more common pitfalls, VHost on Tomcat and Apache MUST MATCH! Here is my config: ${HTTPD_CONF}/vhosts/www.elektrovojvodina.co.yu-vhost.conf -- VirtualHost 195.252.123.226:80 ServerName www.elektrovojvodina.co.yu ServerAdmin [EMAIL PROTECTED] DocumentRoot/home/www/public_html ErrorLog/home/www/logs/error.log CustomLog /home/www/logs/access.log common IfModule mod_alias.c ScriptAlias /cgi-bin/home/www/cgi-bin Alias /htdig /usr/share/htdig /IfModule IfModule mod_jk2.c # # Restrict access to JK status handler # Location /jkstatus/ Order Deny,Allow Deny from all Allow from 127.0.0.1 /Location # # Restrict access to JBoss JMX console # Location /jmx-console/ Order Deny,Allow Deny from all Allow from 127.0.0.1 /Location # # Set our (SETLD) location of workers file # JkSet config.file /usr/opt/JK2-2.0.4/config/workers2.properties # This should go in host settings, be it virtual or global # It can also go into workers2.properties file in the [uri] # sections (a more proper place, IMHO - Nix) # #Location /path # JkUriSetworker ajp13:unixsock #/Location /IfModule /VirtualHost -- jk2.config -- # # Environment # jkHome=Jk2-2.0.4 jkUSR=/usr/opt/${jkHome} jkVAR=/var/opt/${jkHome} # Set the desired handler list # handler.list=apr,request,channelJni # handler.list=apr,request,channelSocket handler.list=apr,request,channelUnix # # APR # apr.NativeSo=${jkUSR}/module/jkjni.so apr.baseDir=${jkVAR} apr.aprHome=/usr/opt/Apache-2.0.50-W apr.soExt=so # # TCP/IP Socket Channel # channelSocket.port=8009 channelSocket.address=127.0.0.1 channelSocket.maxPort=port+10 channelSocket.maxThreads=50 # channelSocket.backLog= # channelSocket.tcpNoDelay= # channelSocket.soTimeout= # channelSocket.soLinger= # channelSocket.serverTimeout= # # UNIX file socket channel # channelUnix.file=${jkVAR}/channels/jk2.sock # # JNI inprocess channel # # # JMX handler # mx4j.port=-1 # # Shared Memory handler # shm.file=${jkVAR}/channels/jk2.shm shm.host=localhost shm.port=8009 shm.unixSocket=${jkVAR}/channels/jk2.sock # # Request handler # request.tomcatAuthentication=true # request.ajpidDir= # request.decodedUri= # request.secret= # request.useSecret= -- workers2.properties --- # # Logger level can be EMERG, ERROR, INFO, DEBUG # [logger] level=INFO [logger.file:0] level=INFO file=/var/opt/Jk2-2.0.4/logs/mod_jk2.log [config:] # # file=${serverRoot}/conf/workers2.properties debug=0 debugEnv=0 [uriMap:] info=Maps the requests. Options: debug debug=0 # [shm:] # info=Scoreboard. Required for reconfiguration and status with multiprocess servers # file=/var/opt/Jk2-2.0.4/channels/jk2.shm # size=100 # debug=0 # disabled=0 [workerEnv:] info=Global server options timing=1 debug=0 #==# # # # CHANNELS (physical means of sending to Tomcat instances) # # # #==# # [channel.socket:localhost:8009] # info=Ajp13 forwarding over socket # debug=0 # tomcatId=localhost:8009 # [channel.socket:localhost:8809] # info=Ajp13 forwarding over socket to JBoss/Jetty # debug=0 # tomcatId=localhost:8809 # [channel.socket:localhost:8019] # info=A second tomcat instance. # debug=0 # tomcatId=localhost:8019 # lb_factor=1 # group=lb # group=lb_1 # disabled=0 [channel.un:unixsock] info=A second channel connecting to localhost:8019 via unix socket file=/var/opt/Jk2-2.0.4/channels/jk2.sock lb_factor=1 debug=0 #===# # # # Workers (these accept requests from URI maps) # # #
Re: ActiveDirectory realm
Roland Carlsson wrote: Hi! I have tried to read the arcives about how to create an realm that uses Active Directory as source but all questions that seems to fit me has no answers. I need to be able to authenticate my users and authroize them in my jsp-code (eg: request.isUserInRole ). So, what libraries do I need to add? What should I write in my server.xml-file. The structure of the AD is com.mydomain/Users/JoeDoe (when looking in the gui-console). Can I use form-based authentication? Please do not refer to the LDAP mumbo-jumbo but rather use gui-elements from the AD-console if there are anything you want me to find out about our settings. ADS serves two major services: LDAP and Kerberos5 GSSAPI. It would be nice to be able to use GSSAPI, but currently, Tomcat cannot do it. Apache can, so maybe that's the way - using Apache as a frontend via mod_jk2. The basic structure would require web server, Apache or Tomcat, to be introduced as a web server into the ADS, giving it a Kerberos service key. Clients, IE or Mozilla, can use GSSAPI, if the user has been authenticated to the ADS (ADS Domain Controller is also a Kerberos KDC). For Apache, you can use mod_kerbauth or something like that (there is mod_gssapi, also). Tomcat doesn't have a server-side GSSAPI authentication module. It should be possible to write a filter for that purpose, but noone has done it, yet. Java does have all that is needed to use Kerberos in JAAS. It's just that someone has to write it. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Sv: ActiveDirectory realm
Roland Carlsson wrote: Hi Nikola! Thank you for your answer. Am I reading you correctly? Can't I use Active Directory today to Authenticate and Authorize people in my Tomcat-server without write a server-side GSSAPI? Isn't it possible through LDAP to do this? I have no need for SingleSignOn etc. If we didn't already have had a AD directory I should have used a database-realm. The answer is not so simple. It depends on what you actually want to do. And, yes, you can use LDAP. I believe there is a LDAP realm sample in Tomcat's docs. Authentication is done via an authentication mechanism. The web knows several mechanisms - protocols between web server and web client: - Basic: user/pass is sent in HTTP headers, Base64 encoded - Digest: digest algorithm (MD5?) is used, with pass as shared secret - Certificate: SSL is used and client-side certificate identifies user - Negotiate: a.k.a. SPNEGO, Kerberos tickets are used to authenticate - Custom: some systems offered Krb tickets in cookies Now, Basic is simple and can be relayed, in other words, the web server can stand in between a client and authentication service, like SQL database, LDAP directory, locally stored user/pass, etc. Digest is, AFAIK, not relayable, since the server MUST have a copy of the shared secret (password) in order to check the digest of the returned token. Token is created by the server, sent to the client, who makes a digest, using password as salt and returns it to the server. For that reason Digest authentication requires server to have it's own plaintext storage of user credentials. Certificate is fine, if you have them and can make an effort to maintain the certificate infrastructure (which is no simple task). Negotiate has come into the picture with the advance of MS ADS, since it uses Kerberos as a primary authentication mechanism. In this setup all servers offering some service (SMTP, IMAP4, HTTP) must be registered with the Kerberos KDC (Key Distribution Center), where a Kerberos service key will be issued to that service. In case of HTTP, the key principal is for instance HTTP/[EMAIL PROTECTED]. If a user logs onto ADS, that user will get a TGT token from KDC and will be issued a ticket for the HTTP service on *that* server. Server will check the token and client will check server's return token, so, in a tripple handshake, both server and client will be sure whom they are talking about. What this amounts to is that with Kerberos setup, you have a secure authentication mechanism (Kerberos encrypts auth traffic) and the actual authentication is performed in one place - the KDC. This is known as SingleSignOn - you log onto the network, not particular service. With LDAP you can get close to this. Yes, user credentials are in one place, the ADS. Users will have to type their user/pass, unlike in Kerberos setup. Yes, it is the same user/pass as the one used to log onto ADS. So far, so good. But, no, Basic authentication mech (the only one left, since Digest and others are non-applicable) does not offer any encryption. And users have to type user/pass for every realm. Of course, you can run BASIC(via LDAP) over SSL, but that has a CPU power price to it. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Sv: Sv: ActiveDirectory realm
Roland Carlsson wrote: Ok, so I can use LDAP to Authenticate and Authorize my users via AD. There are no problem with them having to write there credentials again, there are other solutions for that. About security we have to use SSL anyway so I'll guess that it will solve the problem. I'm trying with the following but get no information from the logs if there actually are any activity going on... Or if there are anything wrong. But I can't login. :-/ I've never done it myself. Try to break things up into smaller pieces - test LDAP from a standalone client, see if that connection URL and DN work at all. There are plenty of LDAP clients, OpenLDAP on UNIX, they have tons of links to other tools. There is a Java client as well on their site. Also, search the mailing list archive. There wre problems like yours reported before. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to abort processing of a JSP ??
N Tapas Kumar Choudhury wrote: Hi, I want to know, whether it is possible to abort the jsp execution while in the midst of processing a request ?? If anybody can through light on this I would be grateful.. Abort and do what? The most sensible thing to do is: - set the buffer to some reasonable large value - to abort, either throw an exception or issue a redirect Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Reducing network traffic for rollover images
Robert Hunt wrote: After some analysis and trial error, I've found** that the correct JS syntax in this application is: {HTMLElement}.style.backgroundImage = 'url( ' + img1.src + ')'; where {HTMLElement} would be this as in: a href=xxx onmouseover=this.style.backgroundImage = 'url(' + img1.src + ')'; ... Why are you using background? Why not a regular image? a href=... onMouseOver=img1.src = 'img1_over.gif' onMouseOut=img1.src = 'img1.gif' img name=img1 id=img1 src=img1.gif /a Or you can use DOM style: onMouseOver=document.getEllementByID( img1 ).src = 'img1_over.gif' Watching the Tomcat access log and using permutations of CSS and the FrankZ/jscript-caching-strategy to achieve the rollover effects, I've found that the background image is requested: IExplore 6.0Netscape 7.2 CSSeach mouseover once per page JS each mouseover once per page Try the real image, that is pre-fetched in a script. So, as has been 99% of my experience, NS does it right, IE leaves a bit to be desired. heavy sigh It appears that when .style.backgroundImage is modified in IE, another HTTP GET request is triggered. I'm going to see if I can do a swap with a hidden element that (already) has the desired style and see if I can fake out IE. I understand what you want to do. You want your rollover to be done in CSS, no JScript or JavaScript involved. I'm afraid ther is no ellegant way of doing it. Using the background is awkward. That a ellement has to wrap something other than thin air. So you'll be placing a transparent GIF or something else traslucent inside the tag. No, image rollovers work best the traditional way. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]